AMENDMENTS TO THE CLAIMS
1. (Currently Amended) A method comprising:

receiving, by an Internet host, notification of a distributed denial of service (DDoS) attack;

transmitted by one or more attack host computers, is received; and

w^n^p^^ 

soueteh rWt.i , ^reprogmmmad-ap a4m misrrnTnr prop ram^ nr^o 

squelch time to live value to define an expiration time for the one or more filters.

monitoring network traffic received by an Internet host; and
in*™, IT"* L* SeCU, " S ' aU * a " icatte " «° <■» «P—» touteineludmg wtamtaui. 



router. 



identifying attack traffic characteristics of the attack traffic received by an Internet host;
generating one or more filters based on the identified attack traffic characteristics such that

a* one armor, a*. osi „g . ^ „ 

5. (Currently Amended) A method comprising:

receiving one or more filters from the Internet host; 
when security authentication is established, verifying that

once verified, generating a filter expiration time for

Inte™^"^ 0 '^'*^^ 

•U-fa*. Un*i torn the security authenticate, «,„„■; 

authenticating a source of the one or more filters received as the Internet host;

once authenticated, verifying that a router administrator has programmed a DDoS squelch
time to live value for received filters;

once verified, verifying that an action component of each of the filters is drop; and
otherwise, disregarding the one or more filters received from the Internet host.

claim 5, wherein verifying the one or more filters further comprises:

themte^ 

comparing the selected destination address components against an address of the Internet 

verifying that the selected destination addresses matches the Internet host address; and
otherwise, disregarding the one or more filters received from the Internet host.

comprisls: (0ri8faial) meth0d ° f daim 5 ' Whercin ****** ** one Alters further 
^ ^S"«"or^ 
dropping the selected network traffic such that attack traffic
10. (Original) The method of claim 5, further comprising:

selecting a port from the one or more determined ports;
determining an upstream router connected to the selected port based on a routing table;
securely forwarding the one or more filters received from
upstream router as a routing protocol update; and 

port, the selecting, determining and utilize for each of the one or more determined

11. (Currently Amended) A method comprising: 
receiving a routing protocol update from a downstream router;
selecting one or more filters from the routing protocol update;

establishing security authentication of the downstream router;
once authentication is established, verifying that the one or more filters select only network
traffic directed to the downstream router;

once verified, generating a filter expiration time for each filter
once the expiration time expires; and

installing the one or more filters such that network traffic matching the one or more filters is

prevented from reaching the downstream router.

12. (Previously Presented) The method of claim 11, wherein establishing security
authentication of the downstream router further comprises:

downstr^ut" 

authenu;^^ 

authenticating a source of the one or more filters as the downstream router;

once authenticated, verifying that a router administrator has programmed a DDoS squelch

time to live value for received filters;
""""»*- verifying te „, „ a**^ M

selecting a destination address component for each of the one or more filters;

verifying that the downstream router is a next hop router

otherwise, disregarding the one or more filters

M. (Original) The method of claim 11, further comprises:
selecting a port from the one or more determined ports;

^ selects, detenm™^ 

st™er^dj^ y/ ^^^ 
perform operations, comprising:

receiving, by an Internet host, notification of a distributed denial of service (DDoS) attack;

,nl ™^<W~«r ra ^| lo « e0In ^ b ^ ve(tllIld m " Hc - 

once security authentication is established, transmitting one or more filters to the upstream

to live value to define an expiration time for the one or more filters.

wherein detecting the
attack traffic causes the machine to perform further operations, comprising:

monitoring network traffic received by an Internet host; and

when a distributed denial of service attack is detected, notifying the Internet host of the

distributed denial of service attack.
18. (Previously Presented) The article of manufacture of claim

transmitting the one or more digitally signed filters to the upstream router.
ston« K LJS ra ° ,lyArae " ded) ^^' etf ™'^«»»f*ng ama chir*re ah b 1 e 

establishing a security authentication of a downstream device;
once security authentication is established, verifying that one or more filters from the
downstream device select only network traffic directed to the downstream device; and

once verified, generating a filter expiration time for each filter

once the expiration time expires; and

installing the one or more filters such that network traffic matching the one or more filters is
prevented from reaching the downstream device.

of claim 19, wherein establishing

security authentication causes the machine to perform further operations, comprising:

receiving a routing protocol update from the downstream device;
sc^ngaurh^ 

infonj^^^ 

update^T^^^ 

authenticating integrity of the one or more filters based on a digital signature of the filters.
one or



otherwise, disregarding the one or more

23. (Previously Presented) The article of manufacture of claim 19,

■^cdng *e arnica tofonmtiol , ta ^ ^ 

25. (Htviously Iterated) ^ ^ ammufacBm ^ 

perform further operations, comprising:
selecting a port from the one or more determined ports;

26. (Currently Amended) An apparatus, comprising: 
a processor having circuitry to execute instructions;

a control plane interface coupled to the processor, the control plane interface to packet
pn^»ng 1 U^and». uto „ MKaso ^ rfto ^ [ ^^ ate ^ M P-'» 

which ZZTJT b T" a ^'^ M " B >^ m,i ™^^^ 

which when executed by the processor cause the processor to:

establish a security authentication of a downstream device;

once security authentication is established, verify that one or more filters from the
downstream device select only network traffic directed to the downstream device; and

once verified, generate a filter expiration time for each filter

once the expiration time expires; and

install the one or more filters such that network traffic matching the one or more filters is 
prevented from reaching the downstream device. 

(Previously Presented) The apparatus of claim 26, wherein the instruction to

establish security authentication further causes the processor to:

receive a routing protocol update from the downstream device;
select authentication information from the received routing protocol update;

inf^T^ * b ~ d on ** ***** authentication 

once authenticated, select the one or more filters from the received routing protocol update;
authenticate integrity of the one or more filters based on a digital signature of the filters.
28. (Previously Presented) The apparatus of claim 26, wherein the instruction to receive
the one or more filters further causes the processor to:

authenticate a source of the one or more filters received as the downstream device;
tonvevZ^ 

once verified, verify that an action component of each of the filters is drop; and 
otherwise, disregard the one or more filters received from the downstream device. 

(Previously Presented) The apparatus of claim 26, wherein the instruction to verify

the one or more filters further causes the processor to:

downs^o^ 

compare the destination address components against routing table 

verify that the downstream device is a next hop router according to the routing table; and

otherwise, disregard the one or more filters received from the downstream device. 

filtersful ( ^*f )The ^^^ 
filters further causes the processor to:

device. IT tta£RC ,miChing 0ne ° f ra ° rc * me filtera re <*ived from me downstream 

drop the selected network traffic such that attack traffic received from one or more host

31. (Original) The apparatus of claim 26, wherein the processor is further caused to:
determine, by a router receiving the one or more filters from the downstream device, one or
more ports from which the attack traffic matching the one or more filters is being received based on
a routing table;

determine one or more upstream routers connected to the determined ports;
establish a secure connection with each of the one or more upstream routers; and
forward the one or more filters received from the downstream device to the one or more
upstream routers.

32. (Original) The apparatus of claim 26, wherein the instruction to establish security
authentication further causes the processor to:

receiving a request for security authentication including authentication information from the 



downstream device; 
decrypting the received authentication information;

selecting the authentication information from the security authentication request; and
informati^ 

33. (Previously Presented) A system comprising:
an Internet host; 

a wide area network; and 

a router coupled between the Internet host and the wide area network, the router having:
a processor having circuitry to execute instructions;
a control plane interface
packet processing filters, and to authenticate a source of the packet processing filters; and

a storage device coupled to the processor, having sequences of instructions stored therein

which when executed by the processor cause the processor to:

service fl^Ef ^ "** ' — - 

receive one or more filters from the Internet host; 

when security authentication is established, verify that the one or more filters select 
only network traffic directed to the Internet host; and 

once verified, generate a filter expiration time for each filter based on

once the expiration time expires; and 

install the one or more filters such that network traffic matching the one or more filters is 
prevented from reaching the Internet host.

34. (Original) The system of claim 33,
wherein the Internet host receives notification of a

^shessecunty authentications 

router such that attack traffic is dropped
denial of service attack.

35. (Original) The system of claim 33, wherein the processor is further caused to:
determine, by a router receiving the one or more filters from a downstream device, one or

determine one or more upstream routers connected to the determined ports; and
forward the one or more filters received from the downstream device to the one or

more upstream routers as a routing protocol update.